Documentation

Tunnels

At AzireVPN, we propose a variety of solutions such as different tunnels and proxies. We are also supporting different clients, covering all the needs of our users.

WireGuard

WireGuard is a new promising open-source tunneling software allowing the creation of a secure point-to-point connection between a client and a server. It uses a formally verified construction for the key exchange.

Authentication on our service is done using asymmetrical cryptography, using a pair of public and private keys. We strongly recommend our users to use this tunnel as it is more robust, secure, faster, multi-threaded and considerably less bloated than OpenVPN.

ChaCha20 with Poly1305 for authentication and data integrity, using an AEAD algorithm defined in the RFC 7539

Key exchange authentication

Noise_IKpsk2 from the Noise Protocol Framework, using Curve25519, Blake2s, and ChaCha20‑Poly1305

Using an user space implementation and a TAP component (network tap used to capture network packets) on Windows where it is not possible to build WireGuard into the kernel and running it.

Using an official Go user space implementation on macOS and Android stock ROMs where it is not possible to build the WireGuard Linux kernel module and running it.

It is possible to choose whichever port in this range. The default port is 51820.

OpenVPN

OpenVPN is an open-source tunneling software allowing the creation of a secure point-to-point connection between a client and a server. It uses a custom security protocol using TLS for the key exchange.

Authentication on our service is done using a username/password method or a token and certificates.

Diffie‑Hellman method and Perfect Forward Secrecy (DHE) using a RSA key with a 4096 bit key size, with a re‑keying every 120 minutes

Additional auth key

RSA with a 2048 bit key size

Additional crypt key

RSA with a 2048 bit key size

It is necessary to compile azclient by hand on Linux. Instructions and commands can be found on the GitHub.

TCP is actually only available in Shared (NAT) IP mode. We recommend our users to use UDP as it is faster protocol. More information in our FAQ.

Tokens can be generated on the dashboard manager. A connection is established using token as username and the token value as password.

SOCKS5

SOCKS is an Internet protocol that permits exchange of network packets between a client and a server. Our proxy tunnel is not encrypted and only serves the purpose of forwarding packets to another location at the exit of the VPN tunnel. It is mainly used on our service to by-pass geo-restrictions while staying connected on the same VPN tunnel in another location.